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1 WE CLAIM: 

1 1 . A computer network comprising a plurality of interconnected network devices including: 

2 (a) aplurality of client computers; 

3 (b) an authentication server computer operated by a system administrator; and 

4 (c) a disk drive connected to the authentication server computer, the disk drive 

5 comprising: 

6 an interface for receiving personal authentication data and user access data from the 

7 system administrator; 

8 a disk for storing data; 

9 a disk controller for controlling access to the disk; 

M an authenticator, responsive to the personal authentication data, for enabling the disk 

mi controller; and 

Sz cryptographic circuitry for encrypting the user access data received from the system 

J:3 administrator into encrypted data stored on the disk. 

""il 2. The computer network as recited in claim 1, wherein the user access data comprises a 
^2 plurality of user identifiers and corresponding access rights to the plurality of network 

Q3 devices. 

1 3. The computer network as recited in claim 2, wherein the user access data further 

2 comprises user authentication data. 

1 4. The computer network as recited in claim 3, wherein the user authentication data 

2 comprises a user password. 

1 5. The computer network as recited in claim 1, wherein the personal authentication data 

2 comprises a user password. 
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1 6. The computer network as recited in claim 1 , wherein: 

2 (a) the cryptographic circuitry comprises an immutable secret drive key configured 

3 during manufacture of the disk drive; and 

4 (b) the secret drive key for use in encrypting the user access data. 

1 7. The computer network as recited in claim 2, wherein: 

2 (a) the disk stores encrypted device access data associated with the network devices; and 

3 (b) the device access data for use in authenticating device access requests transmitted 

4 from client computers to the network devices. 

yjl 8. The computer network as recited in claim 7, wherein the encrypted device access data 
p2 comprises an encrypted secret device key shared with a corresponding network device. 

1=^1 9. The computer network as recited in claim 7, wherein: 
, ^tz (a) the interface receives unencrypted device access data; and 

-3 (b) the cryptographic circuitry encrypts the unencrypted device access data into the 

encrypted device access data stored on the disk. 

1 10. The computer network as recited in claim 1, wherein the encrypted device access data is 

2 stored on the disk during manufacture of the disk drive. 

1 11. The computer network as recited in claim 7, wherein the encrypted device access data is 

2 transmitted from the network devices to the disk drive. 



Y:\K35A\A0638\DOCS\k35a0638paf.doc 7/3 1/00 



13 



•PATENT 
ATTY DOCKET: K35A0638 



1 12. A computer network comprising a plurality of interconnected network devices including: 

2 (a) a plurality of client computers; 

3 (b) an authentication server computer; and 

4 (c) a disk drive connected to the authentication server computer, the disk drive 

5 comprising: 

6 an interface for receiving from a client computer a user ID and a user access request 

7 to access a network device, and for transmitting device access data to the client 

8 computer; 

9 a disk for storing encrypted data; 

JO a disk controller, responsive to the user ID and user access request, for controlling 

D 

Ml access to the disk; and 

\M1 cryptographic circuitry for decrypting the encrypted data stored on the disk to 

W generate decrypted data, 

wherein the disk controller uses the decrypted data to generate the device access data 

^ transmitted to the client computer. 

y 13. The computer network as recited in claim 12, wherein: 

Mz (a) the encrypted data comprises encrypted user authentication data corresponding to the 

3 user ID; and 

4 (b) the cryptographic circuitry decrypts the encrypted user authentication data to generate 

5 decrypted user authentication data. 

1 14. The computer network as recited in claim 13, wherein the decrypted user authentication 

2 data comprises a user password. 

1 15. The computer network as recited in claim 12, wherein the cryptographic circuitry 

2 encrypts the device access data before transmission to the client computer. 
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1 16. The computer network as recited in claim 13, wherein: 

2 (a) the cryptographic circuitry encrypts the device access data before transmission to the 

3 client computer; and 

4 (b) the cryptographic circuitry encrypts the device access data using a cryptographic user 

5 key extracted from the decrypted user authentication data. 

1 17. The computer network as recited in claim 16, wherein the cryptographic user key is 

2 generated by the cryptographic circuitry using the decrypted user authentication data. 

^Jl 18. The computer network as recited in claim 16, wherein the cryptographic user key is a 

iij2 pubhc key for use in a public key encryption algorithm. 

: S i 

7^1 19. The computer network as recited in claim 12, wherein: 

f=i2 (a) the cryptographic circuitry encrypts the device access data using a secret device key 

= shared with the network device; and 

^4 (b) the secret device key is used by the network device to authenticate device access 

Ms requests received from cUent computers. 

1 20. The computer network as recited in claim 19, wherein the secret device key shared with 

2 the network device is stored in encrypted form on the disk and decrypted by the 

3 cryptography circuitry. 

1 21 . The computer network as recited in claim 12, wherein: 

2 (c) the cryptographic circuitry comprises an immutable secret drive key configured 

3 during manufacture of the disk drive; and 

4 (d) the secret drive key for use in decrypting the encrypted data stored on the disk. 
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1 22. A computer network comprising a plurality of interconnected network devices including: 

2 (a) a plurality of client computers; 

3 (b) an authentication server; and 

4 (c) a disk drive comprising: 

5 an interface for receiving an encrypted device access request and for 

6 inputting/outputting user data from/to a client computer; 

7 a disk for storing data; 

8 a disk controller for controlling access to the disk; 

9 an internal drive key; 

M) a secret device key shared with the authentication server, the secret device key stored 

ijl in encrypted form; 

Sz cryptographic circuitry, responsive to the internal drive key, for decrypting the 

l[j3 encrypted secret device key to generate a decrypted secret device key; and 

an authenticator, responsive to the decrypted secret device key, for authenticating the 

j!5 device access request. 

Ql 23. The computer network as recited in claim 22, wherein the encrypted secret device key is 

2 stored on the disk. 

1 24, The computer network as recited in claim 22, wherein the encrypted secret device key is 

2 configiu-ed during manufacture of the disk drive. 

1 25. The computer network as recited in claim 22, wherein the disk drive transmits the 

2 encrypted secret device key to the authentication server. 

1 26. The computer network as recited in claim 22, wherein the intemal drive key comprises 
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2 tamper-resistant circuitry. 



Y:\K35A\A0638\DOCS\k35a0638paf.doc 7/3 1/00 



17 



